cs.xiht.plus Open in urlscan Pro
160.20.59.33  Malicious Activity! Public Scan

2 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response cs.xiht.plus/line/	6 KB 3 KB	280ms 68ms	Document text/html	160.20.59.33 HKKFGL-AS-AP HK K...
General Check archive.org Show headers Download Go to Full URL https://cs.xiht.plus/line/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 160.20.59.33 , Hong Kong, ASN133115 (HKKFGL-AS-AP HK Kwaifong Group Limited, HK), Reverse DNS Software nginx / Resource Hash 33d8a2ac1557580cf6b60f833be3d06ebab915f787840b89eda95adc19751be7 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Accept-Language jp-JP,jp;q=0.9 Response headers server nginx date Fri, 03 Dec 2021 11:56:54 GMT content-type text/html; charset=utf-8 vary Accept-Encoding expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma no-cache strict-transport-security max-age=31536000 content-encoding gzip
GET H2	404	torimochi.js cs.xiht.plus/line/js/	0 0	58ms 57ms	Script text/html	160.20.59.33 HKKFGL-AS-AP HK K...
General Check archive.org Show headers Download Go to Full URL https://cs.xiht.plus/line/js/torimochi.js Requested by Host: cs.xiht.plus URL: https://cs.xiht.plus/line/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 160.20.59.33 , Hong Kong, ASN133115 (HKKFGL-AS-AP HK Kwaifong Group Limited, HK), Reverse DNS Software nginx / Resource Hash Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://cs.xiht.plus/line/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers date Fri, 03 Dec 2021 11:56:54 GMT server nginx content-length 548 content-type text/html
GET H2	404	messages cs.xiht.plus/line/index_files/	0 0	59ms 58ms	Script text/html	160.20.59.33 HKKFGL-AS-AP HK K...
General Check archive.org Show headers Download Go to Full URL https://cs.xiht.plus/line/index_files/messages Requested by Host: cs.xiht.plus URL: https://cs.xiht.plus/line/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 160.20.59.33 , Hong Kong, ASN133115 (HKKFGL-AS-AP HK Kwaifong Group Limited, HK), Reverse DNS Software nginx / Resource Hash Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://cs.xiht.plus/line/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers date Fri, 03 Dec 2021 11:56:54 GMT server nginx content-length 548 content-type text/html
GET H2	200	chunk-common.css cs.xiht.plus/line/css/	50 KB 21 KB	118ms 117ms	Stylesheet text/css	160.20.59.33 HKKFGL-AS-AP HK K...
General Check archive.org Show headers Download Go to Full URL https://cs.xiht.plus/line/css/chunk-common.css Requested by Host: cs.xiht.plus URL: https://cs.xiht.plus/line/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 160.20.59.33 , Hong Kong, ASN133115 (HKKFGL-AS-AP HK Kwaifong Group Limited, HK), Reverse DNS Software nginx / Resource Hash 8f373e088bf0247e483b1b5ecc3a9668a3aed14bdf7e8b3423a130523864436b Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://cs.xiht.plus/line/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers date Fri, 03 Dec 2021 11:56:54 GMT content-encoding gzip last-modified Mon, 25 Oct 2021 22:49:28 GMT server nginx etag W/"61773478-c889" vary Accept-Encoding content-type text/css cache-control max-age=43200 strict-transport-security max-age=31536000 expires Fri, 03 Dec 2021 23:56:54 GMT
GET H2	200	chunk-common.js Show response cs.xiht.plus/line/js/	99 KB 29 KB	172ms 171ms	Script application/javascript	160.20.59.33 HKKFGL-AS-AP HK K...
General Check archive.org Show headers Download Go to Full URL https://cs.xiht.plus/line/js/chunk-common.js Requested by Host: cs.xiht.plus URL: https://cs.xiht.plus/line/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 160.20.59.33 , Hong Kong, ASN133115 (HKKFGL-AS-AP HK Kwaifong Group Limited, HK), Reverse DNS Software nginx / Resource Hash 1aa29eb304bddce08e60f5de334ad7307b65ddd121e360ca1bebcedeecd5bda3 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://cs.xiht.plus/line/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers date Fri, 03 Dec 2021 11:56:54 GMT content-encoding gzip last-modified Mon, 25 Oct 2021 22:49:28 GMT server nginx etag W/"61773478-18d27" vary Accept-Encoding content-type application/javascript cache-control max-age=43200 strict-transport-security max-age=31536000 expires Fri, 03 Dec 2021 23:56:54 GMT
GET H2	404	chunk-vendors.js cs.xiht.plus/	0 0	173ms 172ms	Script text/html	160.20.59.33 HKKFGL-AS-AP HK K...
General Check archive.org Show headers Download Go to Full URL https://cs.xiht.plus/chunk-vendors.js Requested by Host: cs.xiht.plus URL: https://cs.xiht.plus/line/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 160.20.59.33 , Hong Kong, ASN133115 (HKKFGL-AS-AP HK Kwaifong Group Limited, HK), Reverse DNS Software nginx / Resource Hash Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://cs.xiht.plus/line/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers date Fri, 03 Dec 2021 11:56:54 GMT server nginx content-length 548 content-type text/html
GET H2	200	index.css cs.xiht.plus/line/css/	1 KB 587 B	172ms 171ms	Stylesheet text/css	160.20.59.33 HKKFGL-AS-AP HK K...
General Check archive.org Show headers Download Go to Full URL https://cs.xiht.plus/line/css/index.css Requested by Host: cs.xiht.plus URL: https://cs.xiht.plus/line/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 160.20.59.33 , Hong Kong, ASN133115 (HKKFGL-AS-AP HK Kwaifong Group Limited, HK), Reverse DNS Software nginx / Resource Hash 78de89876929c54e42832411a12483264c4b65ef2a0ed7e666caa0f72a2a0019 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://cs.xiht.plus/line/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers date Fri, 03 Dec 2021 11:56:54 GMT content-encoding gzip last-modified Mon, 25 Oct 2021 22:49:28 GMT server nginx etag W/"61773478-407" vary Accept-Encoding content-type text/css cache-control max-age=43200 strict-transport-security max-age=31536000 expires Fri, 03 Dec 2021 23:56:54 GMT
GET H2	200	index.js Show response cs.xiht.plus/line/js/	42 KB 12 KB	174ms 173ms	Script application/javascript	160.20.59.33 HKKFGL-AS-AP HK K...
General Check archive.org Show headers Download Go to Full URL https://cs.xiht.plus/line/js/index.js Requested by Host: cs.xiht.plus URL: https://cs.xiht.plus/line/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 160.20.59.33 , Hong Kong, ASN133115 (HKKFGL-AS-AP HK Kwaifong Group Limited, HK), Reverse DNS Software nginx / Resource Hash e567f11657461ac1c42ecf2e1baf73f3e2fe4623d75c3031292e053b1b32248c Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://cs.xiht.plus/line/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers date Fri, 03 Dec 2021 11:56:54 GMT content-encoding gzip last-modified Mon, 25 Oct 2021 22:49:28 GMT server nginx etag W/"61773478-a732" vary Accept-Encoding content-type application/javascript cache-control max-age=43200 strict-transport-security max-age=31536000 expires Fri, 03 Dec 2021 23:56:54 GMT
GET H2	404	translateelement.css cs.xiht.plus/line/css/	0 0	173ms 172ms	Stylesheet text/html	160.20.59.33 HKKFGL-AS-AP HK K...
General Check archive.org Show headers Download Go to Full URL https://cs.xiht.plus/line/css/translateelement.css Requested by Host: cs.xiht.plus URL: https://cs.xiht.plus/line/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 160.20.59.33 , Hong Kong, ASN133115 (HKKFGL-AS-AP HK Kwaifong Group Limited, HK), Reverse DNS Software nginx / Resource Hash Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://cs.xiht.plus/line/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers date Fri, 03 Dec 2021 11:56:54 GMT server nginx content-length 548 content-type text/html
GET H2	200	lc_common.js Show response cs.xiht.plus/line/js/	28 KB 11 KB	174ms 174ms	Script application/javascript	160.20.59.33 HKKFGL-AS-AP HK K...
General Check archive.org Show headers Download Go to Full URL https://cs.xiht.plus/line/js/lc_common.js Requested by Host: cs.xiht.plus URL: https://cs.xiht.plus/line/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 160.20.59.33 , Hong Kong, ASN133115 (HKKFGL-AS-AP HK Kwaifong Group Limited, HK), Reverse DNS Software nginx / Resource Hash df060161a50635edf41b7c67193d5c101c1a19dfb7cd7ed4dd948128937afe63 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://cs.xiht.plus/line/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers date Fri, 03 Dec 2021 11:56:54 GMT content-encoding gzip last-modified Mon, 25 Oct 2021 22:49:28 GMT server nginx etag W/"61773478-71ea" vary Accept-Encoding content-type application/javascript cache-control max-age=43200 strict-transport-security max-age=31536000 expires Fri, 03 Dec 2021 23:56:54 GMT
GET H2	200	chunk-vendors.js Show response cs.xiht.plus/line/js/	370 KB 142 KB	175ms 174ms	Script application/javascript	160.20.59.33 HKKFGL-AS-AP HK K...
General Check archive.org Show headers Download Go to Full URL https://cs.xiht.plus/line/js/chunk-vendors.js Requested by Host: cs.xiht.plus URL: https://cs.xiht.plus/line/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 160.20.59.33 , Hong Kong, ASN133115 (HKKFGL-AS-AP HK Kwaifong Group Limited, HK), Reverse DNS Software nginx / Resource Hash 8f3c131717953ff7ad807f587dfcec4b56663fba12c533ba913ea3b0fa35ce92 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://cs.xiht.plus/line/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers date Fri, 03 Dec 2021 11:56:54 GMT content-encoding gzip last-modified Mon, 25 Oct 2021 22:49:28 GMT server nginx etag W/"61773478-5c647" vary Accept-Encoding content-type application/javascript cache-control max-age=43200 strict-transport-security max-age=31536000 expires Fri, 03 Dec 2021 23:56:54 GMT
GET DATA	200 OK	truncated /	1 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 847d75b96b7fbb7a0495dcd04d2b1185bf598f5bcbeb37b130c114845b467d69 Request headers Accept-Language jp-JP,jp;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type image/png

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Line (Online)

161 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler function| toVaild function| BigInteger function| nbi function| am1 function| am2 function| am3 function| int2char function| intAt function| bnpCopyTo function| bnpFromInt function| nbv function| bnpFromString function| bnpClamp function| bnToString function| bnNegate function| bnAbs function| bnCompareTo function| nbits function| bnBitLength function| bnpDLShiftTo function| bnpDRShiftTo function| bnpLShiftTo function| bnpRShiftTo function| bnpSubTo function| bnpMultiplyTo function| bnpSquareTo function| bnpDivRemTo function| bnMod function| Classic function| cConvert function| cRevert function| cReduce function| cMulTo function| cSqrTo function| bnpInvDigit function| Montgomery function| montConvert function| montRevert function| montReduce function| montSqrTo function| montMulTo function| bnpIsEven function| bnpExp function| bnModPowInt function| bnClone function| bnIntValue function| bnByteValue function| bnShortValue function| bnpChunkSize function| bnSigNum function| bnpToRadix function| bnpFromRadix function| bnpFromNumber function| bnToByteArray function| bnEquals function| bnMin function| bnMax function| bnpBitwiseTo function| op_and function| bnAnd function| op_or function| bnOr function| op_xor function| bnXor function| op_andnot function| bnAndNot function| bnNot function| bnShiftLeft function| bnShiftRight function| lbit function| bnGetLowestSetBit function| cbit function| bnBitCount function| bnTestBit function| bnpChangeBit function| bnSetBit function| bnClearBit function| bnFlipBit function| bnpAddTo function| bnAdd function| bnSubtract function| bnMultiply function| bnDivide function| bnRemainder function| bnDivideAndRemainder function| bnpDMultiply function| bnpDAddOffset function| NullExp function| nNop function| nMulTo function| nSqrTo function| bnPow function| bnpMultiplyLowerTo function| bnpMultiplyUpperTo function| Barrett function| barrettConvert function| barrettRevert function| barrettReduce function| barrettSqrTo function| barrettMulTo function| bnModPow function| bnGCD function| bnpModInt function| bnModInverse function| bnIsProbablePrime function| bnpMillerRabin function| Arcfour function| ARC4init function| ARC4next function| prng_newstate function| rng_seed_int function| rng_seed_time function| rng_get_byte function| rng_get_bytes function| SecureRandom function| parseBigInt function| linebrk function| byte2Hex function| pkcs1pad2 function| RSAKey function| RSASetPublic function| RSADoPublic function| RSAEncrypt function| RSAEncryptB64 function| pkcs1unpad2 function| RSASetPrivate function| RSASetPrivateEx function| RSAGenerate function| RSADoPrivate function| RSADecrypt object| lc object| nj number| dbits number| canary boolean| j_lm number| BI_FP string| BI_RM object| BI_RC number| rr number| vv object| lowprimes number| lplim number| rng_psize undefined| rng_state object| rng_pool number| rng_pptr number| t undefined| z object| Base64 object| jQuery object| webpackJsonp object| core object| __core-js_shared__ function| setImmediate function| clearImmediate object| regeneratorRuntime string| lap_optout_check_api_url

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			cs.xiht.plus/	1969-12-31 23:59:59	Name: PHPSESSID Value: 9npcve9af5dvbcv0riie89rpn7

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://cs.xiht.plus/line/js/torimochi.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://cs.xiht.plus/line/index_files/messages Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://cs.xiht.plus/chunk-vendors.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://cs.xiht.plus/line/css/translateelement.css Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cs.xiht.plus
160.20.59.33
1aa29eb304bddce08e60f5de334ad7307b65ddd121e360ca1bebcedeecd5bda3
33d8a2ac1557580cf6b60f833be3d06ebab915f787840b89eda95adc19751be7
78de89876929c54e42832411a12483264c4b65ef2a0ed7e666caa0f72a2a0019
847d75b96b7fbb7a0495dcd04d2b1185bf598f5bcbeb37b130c114845b467d69
8f373e088bf0247e483b1b5ecc3a9668a3aed14bdf7e8b3423a130523864436b
8f3c131717953ff7ad807f587dfcec4b56663fba12c533ba913ea3b0fa35ce92
df060161a50635edf41b7c67193d5c101c1a19dfb7cd7ed4dd948128937afe63
e567f11657461ac1c42ecf2e1baf73f3e2fe4623d75c3031292e053b1b32248c